General

  • Target

    8937a33af404ed499b426959e47ecd4ecd20b54e0cb198f259255b3275d0692f

  • Size

    580KB

  • Sample

    241106-l68nhayfjm

  • MD5

    41644f84519e562454eae4cfb3c6c2bb

  • SHA1

    b8153f16bfef046cd23cab037fa59c1e154d50c3

  • SHA256

    8937a33af404ed499b426959e47ecd4ecd20b54e0cb198f259255b3275d0692f

  • SHA512

    0c70f1bdba63113d281c9152778776b62c41301834861d050bea7c973fc59ade04cb714c3d83bcc1eaf964183d9de541437229f7aa07114493368cbc23dddac8

  • SSDEEP

    12288:EMrgy90Y7kuVzDHjLHFFxyxhlIdfaqK/uihYSEg5e:cyH77VzrjhaSc3f8l

Malware Config

Extracted

Family

redline

Botnet

fukia

C2

193.233.20.13:4136

Attributes
  • auth_value

    e5783636fbd9e4f0cf9a017bce02e67e

Targets

    • Target

      8937a33af404ed499b426959e47ecd4ecd20b54e0cb198f259255b3275d0692f

    • Size

      580KB

    • MD5

      41644f84519e562454eae4cfb3c6c2bb

    • SHA1

      b8153f16bfef046cd23cab037fa59c1e154d50c3

    • SHA256

      8937a33af404ed499b426959e47ecd4ecd20b54e0cb198f259255b3275d0692f

    • SHA512

      0c70f1bdba63113d281c9152778776b62c41301834861d050bea7c973fc59ade04cb714c3d83bcc1eaf964183d9de541437229f7aa07114493368cbc23dddac8

    • SSDEEP

      12288:EMrgy90Y7kuVzDHjLHFFxyxhlIdfaqK/uihYSEg5e:cyH77VzrjhaSc3f8l

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks